The Hacker News — Cyber Security, Hacking, Technology News

As promised last week, Google Project Zero researcher Ian Beer has now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier. It can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources.

On Monday morning, Beer shared the details of the exploit, dubbed "tfp0," which leverages double-free memory corruption vulnerabilities in the kernel, the core of the operating system.

Here, "tfp0" stands for "task for pid 0," the kernel task port, a handle that gives whoever holds it full control over the core of the operating system.

The Project Zero researcher responsibly reported these vulnerabilities to Apple in October, and the company patched them with the release of iOS 11.2 on 2 December.

While Beer says he has successfully tested his proof-of-concept exploit on the iPhone 6s and 7 and the iPod Touch 6G, he believes the exploit should work on all 64-bit Apple devices.

Another security researcher confirmed that the exploit released by Beer also works on his Apple TV running tvOS 11.x and on an Apple TV 4K running iOS 11.1.2.

What's worse, since Apple's iOS mobile operating system and macOS desktop operating system share the same code base, the macOS kernel is also vulnerable to the bug, according to a report published by Project Zero on Google's Chromium Blog.

Beer said he has also successfully tested the exploit against macOS 10.13 running on a MacBook Air 5.2; Apple patched the bug in macOS 10.13.1.

Earlier versions of both operating systems remain vulnerable to the exploit, which grants complete control over the kernel, and that is exactly what the jailbreak community requires.

Although we have not heard any news of an iOS jailbreak from the jailbreak community for a very long time, Beer's exploit could be the basis for a future iOS 11 jailbreak, allowing iPhone and iPad users to install third-party OS customizations via apps that Apple restricts.

If an iOS 11.1.2 jailbreak surfaces in the coming days, you can still downgrade to iOS 11.1.2 using iTunes even if you have already updated to iOS 11.2, because Apple is still signing that version (at the cost of running a kernel with a known, publicly exploitable bug).

Apple’s new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted.

Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel.

When the news broke, some users were surprised enough to assume that Apple had left the kernel unencrypted by mistake and that the change would be reverted in the next beta version of the operating system.

However, Apple confirmed that it left the iOS 10 kernel unencrypted intentionally, since the kernel cache does not contain any critical or private user information.

On iOS, the kernel is responsible for things like security and for controlling which parts of an iPhone or iPad applications are able to access.

Apple did this on purpose, because by leaving the iOS 10 kernel unencrypted, the company was "able to optimize the operating system's performance without compromising security," an Apple spokesperson told TechCrunch.

The kernel is the heart of any operating system. In previous versions of iOS, Apple always kept the kernel under several layers of protection, leaving developers and researchers alike in the dark.

The unencrypted kernel could therefore help developers and security researchers look more closely at its code and find security flaws. After all, with more eyes looking for flaws, issues can be discovered and patched more quickly than before.

MIT Technology Review also pointed out that this could prevent government and law enforcement agencies from exploiting vulnerabilities to crack locked iOS devices, as the FBI did to get into the San Bernardino shooter's iPhone.